From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Aaron Lauterer <a.lauterer@proxmox.com>
Subject: [pve-devel] applied: [PATCH v2 qemu-server] API: update_vm_api: check for CDROM on disk delete
Date: Mon, 22 Feb 2021 17:40:08 +0100 [thread overview]
Message-ID: <85079f1e-8d88-c6d0-d6f1-ad86fbf8d02d@proxmox.com> (raw)
In-Reply-To: <20210212155751.16045-4-a.lauterer@proxmox.com>
On 12.02.21 16:57, Aaron Lauterer wrote:
> Since CDRoms and disks share the same config keys, we need to check if
> it actually is a CDRom and then check the permissions accordingly.
>
> Otherwise it is possible for someone without VM.Config.CDROM
> permissions, but with VM.Config.Disk permissions to remove a CD drive
> while being unable to create a CDRom drive.
>
> Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
> ---
>
> Since it is possible to delete a CDRom while not having the permissions
> to create them, I consider this a bug.
>
> With this patch it is also possible to now remove a CDRom drive with
> only the VM.Config.CDROM permissions which needed VM.Config.Disk
> permissions before. Creating them with the CDRom permissions has already
> been possible before.
>
> PVE/API2/Qemu.pm | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
>
applied, thanks!
For the record: technically this is, in the widest sense, a backward incompatible
change and I even had a commit here prepared which would allow any of those
permissions (see below), but I dropped it, this is such a niche use case that I just
cannot believe that anybody will be affected by it - one needs to have CDROM for
adding, so basically a CDROM dev would need to be there, then a user with a role
containing 'VM.Config.Disk' but *not* 'VM.Config.CDROM', whom only needs to remove
CDROM devices but not add them, cannot do that anymore, yeah, no, really not worth
the hassle.
obsoleted dropped diff for the record only:
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index feb9ea8..c932571 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1237,7 +1237,8 @@ my $update_vm_api = sub {
PVE::QemuConfig->check_protection($conf, "can't remove drive '$opt'");
my $drive = PVE::QemuServer::parse_drive($opt, $val);
if (PVE::QemuServer::drive_is_cdrom($drive)) {
- $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM']);
+ # FIXME: remove 'VM.Config.Disk' and $any flag for PVE 7
+ $rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.CDROM', 'VM.Config.Disk'], 1);
} else {
$rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.Disk']);
}
next prev parent reply other threads:[~2021-02-22 16:40 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-12 15:57 [pve-devel] [PATCH v2 manager 1/4] ui: qemu/HardwareView: eslint: enforce "max-len" rule Aaron Lauterer
2021-02-12 15:57 ` [pve-devel] [PATCH v2 manager 2/4] ui: qemu/HardwareView: eslint: enforce "no-useless-concat" rule Aaron Lauterer
2021-02-19 15:47 ` [pve-devel] applied: " Thomas Lamprecht
2021-02-12 15:57 ` [pve-devel] [PATCH v2 manager 3/4] ui: qemu/HardwareView: eslint: enforce "no-shadow" rule Aaron Lauterer
2021-02-19 15:47 ` [pve-devel] applied: " Thomas Lamprecht
2021-02-12 15:57 ` [pve-devel] [PATCH v2 qemu-server] API: update_vm_api: check for CDROM on disk delete Aaron Lauterer
2021-02-22 16:40 ` Thomas Lamprecht [this message]
2021-02-12 15:57 ` [pve-devel] [PATCH v2 manager 4/4] ui: qemu/HardwareView: fix CDRom permission checkss Aaron Lauterer
2021-02-19 16:32 ` [pve-devel] applied: " Thomas Lamprecht
2021-02-19 15:46 ` [pve-devel] applied: [PATCH v2 manager 1/4] ui: qemu/HardwareView: eslint: enforce "max-len" rule Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=85079f1e-8d88-c6d0-d6f1-ad86fbf8d02d@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=a.lauterer@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.